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DETAILED ACTION 

1. This action is in response to the communication 11/1 3/2006. Claims 1 - 37 were 
received for consideration. No preliminary amendments were filed. Claims 1-37 are 
currently pending. 

Information Disclosure Statement 

2. Three initialed and dated copies of Applicant's IDS form 1449 are attached to the 
Office action. 

Drawings 

3. Figure 1 A and 1 B should be designated by a legend such as -Prior Art- 
because only that which is old is illustrated. See MPEP § 608.02(g). Corrected 
drawings in compliance with 37 CFR 1 .121(d) are required in reply to the Office action 
to avoid abandonment of the application. The replacement sheet(s) should be labeled 
"Replacement Sheet" in the page header (as per 37 CFR 1 .84(c)) so as not to obstruct 
any portion of the drawing figures. If the changes are not accepted by the examiner, the 
applicant will be notified and informed of any required corrective action in the next Office 
action. The objection to the drawings will not be held in abeyance. 
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Double Patenting 

The nonstatutory double patenting rejection is based on a judicially created 
doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the 
unjustified or improper timewise extension of the "right to exclude" granted by a patent 
and to prevent possible harassment by multiple assignees. A nonstatutory 
obviousness-type double patenting rejection is appropriate where the conflicting claims 
are not identical, but at least one examined application claim is not patentably distinct 
from the reference claim(s) because the examined application claim is either anticipated 
by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 
F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.Sd 1046, 29 
USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 
1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 
F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 
644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1 .321(c) or 1 .321 (d) 
may be used to overcome an actual or provisional rejection based on a nonstatutory 
double patenting ground provided the conflicting application or patent either is shown to 
be commonly owned with this application, or claims an invention made as a result of 
activities undertaken within the scope of a joint research agreement. 

Effective January 1 , 1994, a registered attorney or agent of record may sign a 
terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply 
with 37 CFR 3.73(b). 



4. Claims 1-37 rejected on the ground of nonstatutory obviousness-type double 
patenting as being unpatentable over claims 1 -46 of U.S. Patent No. 6,418,444. 
Although the conflicting claims are not identical, they are not patentably distinct from 
each other because the instant case, all elements of claims 1-37 correspond to the 
claims of 1 - 46 of the patent claims, except in the instant claims the elements "a first 
application", "a second application" and "first firewall control block", are referred in the 
patent claims as "computer program" and "a firewall". 

It would have been obvious to one having ordinary skill in the art to recognize 
that "a first application and a second application" are equivalent to "computer program" 
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and "first firewall control block" is equivalent to "a firewall. Claims of the instant 
application are anticipated by patent claims in that the patent claims contains all the 
limitations of the instant application. Claims of the instant application therefore is not 
patentably distinct from the earlier patent claims and as such are unpatentable for 
obvious-type double patenting (In re Goodman (CAFC) 29 USPQ2d 2010 (12/3/1993). 

5. Claims 1-37 rejected on the ground of nonstatutory obviousness-type double 
patenting as being unpatentable over claims 1 - 69 of U.S. Patent No. 6,742,006. 
Although the conflicting claims are not identical, they are not patentably distinct from 
each other because the instant case, all elements of claims 1 - 37 correspond to the 
claims of 1 - 69 of the patent claims, except in the instant claims the elements "a first 
application", "a second application" and "first firewall control block", are referred in the 
patent claims as "computer program" and "a firewall". 

It would have been obvious to one having ordinary skill in the art to recognize 
that "a first application and a second application" are equivalent to "computer program" 
and "first firewall control block" is equivalent to "a firewall. Claims of the instant 
application are anticipated by patent claims in that the patent claims contains all the 
limitations of the instant application. Claims of the instant application therefore is not 
patentably distinct from the earlier patent claims and as such are unpatentable for 
obvious-type double patenting (In re Goodman (CAFC) 29 USPQ2d 2010 (12/3/1993). 
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6. Claims 1 - 37 rejected on the ground of nonstatutory obviousness-type double 
patenting as being unpatentable over claims 1 - 22 of U.S. copending application No. 
10/743,929. Although the conflicting claims are not identical, they are not patentably 
distinct from each other because the instant case, all elements of claims 1 - 37 
correspond to the claims of 1 - 22 of the patent claims and patent claims encompasses 
the scope of Claims 1 - 37 of the instant application. 

The instant application generally claims a computing environment comprising a 
virtual machine, a first application operating on said virtual machine and a first firewall 
control block. Copending application 10/743,929 claims similar limitations except 
"further defines the access privilege of said second application with respect to said first 
application". However, copending application claims, "a first firewall control block, 
wherein said first firewall control block defines access privileges of said first application", 
which is equivalent to the instant application. 

This is a provisional obviousness-type double patenting rejection because the 
conflicting claims have not in fact been patented. 

Claim Rejections - 35 USC § 102 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

7. Claims 1 - 22 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Montgomery et al. (U.S. Patent Number 7,127,605). 
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8. As per Claims 1 , 7 and 14, Montgomery teaches "a virtual machine; a first 
application operating on said virtual machine (Summary and Column 3 lines 28 - 42); 

a second application operating on said virtual machine; and a firewall control 
block, wherein said firewall control block includes one or more of the following: a first 
firewall control block portion, wherein said first firewall control block portion defines 
access privileges of said first application with respect to said second application, and 
further defines the access privileges of said second application with respect to said first 
application, a second firewall control block portion, wherein said second firewall control 
block portion includes: an associate security identification portion that identifies one or 
more associates of said first application as identified associates, wherein each one of 
said one or more identified associates has access privilege with respect to said first 
application (Summary; Column 3 lines 28 - 42 and Column 5 lines 4 - 52); 

an access-operations portion that for each one of said one or more identified 
associates identifies one or more access operations that have been allowed (Column 4 
lines 3 -20)". 

9. As per Claim 1 0, Montgomery teaches "receiving a request from a first Java^*^ 
compliant applet operating on Java™ virtual machine to perform an operation on a 
second Java™ compliant applet, said request including a security identifier that 
identifies said first Java™ compliant applet; reading a firewall control block associated 
with said second Java™ compliant applet (Summary and Column 3 lines 28 - 42); 
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determining whether said firewall control block defines said security identifier as 
an associate of said second Java™ compliant applet; and denying access to said first 
Java™ compliant applet when said determining determines that control block does not 
define said security identifier as an associate (Column 3 lines 28 - 42 and Column 4 
lines 3 -20)". 

10. As per Claim 21 , Montgomery teaches "virtual machine; one or more applications 
operating on said virtual machine; and one or more security context blocks provided for 
said one or more applications, wherein each of said one or more security context blocks 
include: a security identification (Summary and Column 3 lines 28 - 42); and 

a cryptographic system that can be used to perform cryptographic operations, 
wherein said cryptographic operations include cryptographic operations that can be 
performed on said security identification (Column 4 lines 3 - 20)". 

11. As per Claim 27, Montgomery teaches " providing a security context that includes 
a security identification and a cryptographic system; receiving from a first Java™ 
compliant applet a request to perform an operation on a second Java™ compliant 
applet, wherein the request includes a first security identification determining whether 
said first Java™ compliant applet can be authenticated (Summary and Column 3 lines 
28 - 42); and 

presenting the first security identification to said second Java^*^ compliant applet 
only when said determining determines that said first security identification can be 
authenticated (Column 4 lines 3 - 20)". 
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12. As per Claim 32, Montgomery teaches "providing a cryptographic system for a 
first Java™ compliant applet, wherein said cryptographic system includes cryptographic 
keys, wherein said cryptographic keys are suitable for performing cryptographic 
operations using cryptographic algorithms (Summary and Column 3 lines 28 - 42); and 

using, by said first Java™ compliant applet, said cryptographic, to perform a 
cryptographic operation on computer readable data; wherein said cryptographic 
operation is performed by said first Java™ compliant applet without user intervention 
(Column 4 lines 3 - 20)". 

13. As per Claim 33, Montgomery teaches "providing a cryptographic system, 
wherein said cryptographic system includes cryptographic keys, and wherein said 
cryptographic keys are suitable for performing cryptographic operations using 
cryptographic algorithms (Summary and Column 3 lines 28 - 42); and 

receiving a request from a first component to access a resource of said Java™ 
compliant computing environment; and using said cryptographic system to perform at 
least one cryptographic operation to determine whether said first component should be 
granted access to said resource (Column 4 lines 3 - 20)". 

14. As per Claim 2, Montgomery teaches "one or more identifiers that have been 
assigned to said one or more identified associates; and wherein for each one of said 
one identifiers, one or more operations have been defined in said access-operations 
portion (Column 3 lines 28 - 42)". 
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15. As per Claim 4, Montgomery teaches "wherein said computing environment 
includes a second application operating on said virtual machine, wherein said first 
firewall control block includes a security ID of said second application, thereby indicating 
that said second application is an identified associate of said first application, and 
wherein said first firewall control block also includes one or more operations that have 
been defined for said second application, thereby indicating what operations can be 
performed by said second application on said first application (Column 5 lines 2 - 52)". 

16. As per Claim 8, Montgomery teaches "wherein said mobile device is a Java^*^ 
compliant smart card (Column 3 lines 28 - 42)". 

17. As per Claim 1 1 , Montgomery teaches "wherein said method further comprises: 
determining whether said firewall control block defines said operation as an operation 
that should be allowed when said determining determines that said firewall control block 
defines said security identifier as an associate; and granting access to said first Java™ 
compliant applet to perform said operation on said second Java™ compliant applet 
when said determining determines that said firewall control block defines said operation 
as an operation that should be allowed (Column 5 lines 2 - 52)". 

18. As per Claim 15, Montgomery teaches "wherein said first firewall control block 
portion includes a firewall control value and a firewall control indicator (Column 3 lines 
28 - 42)". 
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19. As per Claim 17, Montgomery teaches "wherein said first firewall control block 
portion includes a plurality of firewall control values and a plurality firewall control 
indicators (Column 5 lines 2 - 52)". 

20. As per Claim 1 8, Montgomery teaches "wherein said first firewall control block 
portion includes first and second firewall control values and first and second firewall 
control indicators, wherein the first firewall control value and indicator indicate access 
privileges of said first application to said second application, and wherein said second 
firewall control value and indicator indicate access privileges of said second application 
to said first application (Column 5 lines 2 - 52)". 

21. As per Claim 19, Montgomery teaches "wherein said computing environment is a 
Java^'^ compliant computing environment, and wherein said first and second 
applications are Java^"^ compliant applets (Column 3 lines 28 - 42)". 

22. As per Claim 22, Montgomery teaches "wherein said security identification 
includes one or more security identifiers have been assigned to said one or more 
applications, and wherein said cryptographic system includes: one or more keys; one or 
more key management information that provide information with respect said one or 
more keys; and one or more algorithm identifiers that identify what cryptographic 
algorithm should be used (Column 3 lines 28 - 42 and Column 4 lines 3 - 20)". 
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23. As per Claim 28, Montgomery teaches "wherein said determining of whether said 
first Java™ compliant applet can be authenticated comprises: verifying an encrypted 
string (Column 4 lines 3 - 20)". 

24. As per Claim 29, Montgomery teaches "wherein said determining whether said 
first Java™ compliant applet can be authenticated comprises: sending a random string 
to said first Java™ compliant applet; encrypting, by said first Java™ compliant applet, 
said random string to generate a encrypted string; decrypting said random string to 
generate a decrypted string; and determining whether said decrypted string matches 
•said random string (Column 4 lines 3 - 20)". 

25. As per Claim 30, Montgomery teaches "wherein said authentication can be 
performed without a configuration file (Column 4 lines 3 - 20)". 

26. As per Claim 31 , Montgomery teaches "wherein said authentication can be 
performed without user intervention (Column 4 lines 3 - 20)". 

27. As per Claim 34, Montgomery teaches "wherein said first component is a host 
application that is attempting to access a resource (Column 3 lines 28 - 42)". 

28. As per Claim 36, Montgomery teaches "wherein said first component is a Java™ 
applet (Column 3 lines 28 - 42)". 
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29. As per Claim 3, Montgomery teaches "wherein said one or more operations 
include read, write, delete, create, and update operations (Column 3 lines 28 - 42)". 

30. As per Claim 5, Montgomery teaches "wherein said computing environment is a 
Java™ compliant computing environment, and wherein said first and second 
applications are Java™ compliant applets (Column 3 lines 28 - 42)". 

31. As per Claim 6, Montgomery teaches "wherein said computing environment is a 
Java™ compliant computing environment, and wherein said first firewall control block is 
implemented in the run time environment (Column 5 lines 4 - 52)". 

32. As per Claim 9, Montgomery teaches "wherein a firewall control block is defined 
for every Java™ compliant applet that operates on said Java™ compliant virtual 
machine (Column 3 lines 28 - 42)". 

33. As per Claim 12, Montgomery teaches "wherein said method further comprises: 
providing a reference to said first Java™ compliant applet with a reference to said 
second Java™ compliant when access is granted (Column 3 lines 28 - 42)". 

34. As per Claim 13, Montgomery teaches "wherein said providing of a reference 
comprises: invoking a first method that is implemented as a part of Java™ management 
(or system) environment; and invoking a second method that is implemented as an 
applet class, as a result of said invoking of the second method (Column 3 lines 28 - 
42)". 

35. As per Claim 16, Montgomery teaches "wherein said firewall control value is an 
access privileges control value represented by one or more bytes, and wherein said 
firewall control value is an indicator value represented by one or more bytes that 
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indicate how the firewall control value should be interpreted with respect to access 
privileges of other applications (Column 4 lines 3 - 20)". 

36. As per Claim 20, Montgomery teaches "wherein said computing environment is a 
Java™ compliant computing environment, and wherein said first firewall control block is 
implemented in Java™ run time environment (Column 3 lines 28 - 42)". 

37. As per Claim 23, Montgomery teaches "wherein said cryptographic operations 
include digital signatures, verification, encryption, decryption, and authentication 
(Column 4 lines 3 - 20)". 

38. As per Claim 24, Montgomery teaches "wherein said cryptographic system 
includes one or more cryptographic operation identifiers that identify one or more 
cryptographic operations associated with said one or more keys (Column 4 lines 3 - 
20)". 

39. As per Claim 25, Montgomery teaches "wherein said computing system further 
includes: an encryptor that operates to encrypt a first string using one or more of said 
keys to generate an encrypted string; a decryptor that operates to decrypt said 
encrypted string; and a verifier that operates to determine whether the decrypted string 
can be verified (Column 4 lines 3 - 20)". 

40. As per Claim 26, Montgomery teaches "wherein said computing environment 
further comprises; a Java™ management applet that can operate to authenticate a 
security identification transmitted (Column 3 lines 28 - 42)". 
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41. As per Claim 35, Montgomery teaches "wherein said Java^*^ compliant 
computing environment is a Java™ (Column 3 lines 28 - 42)". 

42. As per Claim 37, Montgomery teaches "wherein said Java™ compliant 
computing environment is a Java™ (Column 3 lines 28 - 42)". 



Conclusion 

43. Examiner's Note: Examiner has cited particular columns and line numbers in the 
references as applied to the claims above for the convenience of the applicant. 
Although the specified citations are representative of the teachings in the art and are 
applied to the specific limitations within the individual claim, other passages and figures 
may apply as well. It is respectfully requested from the applicant, in preparing the 
responses, to fully consider the references in entirety as potentially teaching all or part 
of the claimed invention, as well as the context of the passage as taught by the prior art 
or disclosed by the examiner. 

44. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. See PTO Form 892. 

Applicant is urged to consider the references. However, the references should be 
evaluated by what they suggest to one versed in the art, rather than by their specific 
disclosure. If applicants are aware of any better prior art than those are cited, they are 
required to bring the prior art to the attention of the examiner. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Pramila Parthasarathy whose telephone number is 571- 
272-3866. The examiner can normally be reached on 8:00a.m. To 5:00p.m.. If attempts 
to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Nasser MoazzamI can be reached on 571-232-4195. Any inquiry of a general nature or 
relating to the status of this application or proceeding should be directed to the 
receptionist whose telephone number is 703-305-3900. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR only. For more 
information about the PAIR system, contact the Electronic Business Center (EBC) at 
866-217-9197 (toll-free). 



Pramila Parthasarathy 
June 23, 2007. 



NASSER MOAZZAMi 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 




